Legal claims defining the scope of protection, as filed with the USPTO.
1. A system for providing identity-related information, said system comprising: A) a requesting entity computer; B) a client application interacting with the requesting entity computer, performing browser-based application-dependent interactions; and C) at least one location entity computer possessing identity-related information of an anonymous user of the client application, wherein said identity-related information comprises at least a pseudonym of the anonymous user, and a reference to a prescribed security policy setting requirements on said identity-related information; wherein the requesting entity computer is configured to perform: requesting from the client application location information corresponding to a location entity computer selected by the client application; receiving the location information from the client application; responsive to receiving the location information, issuing a redirect command to the client application, said redirect command suspending the communication with the client application, pursuant to which the client application establishes a connection with the selected location entity computer for instructing said selected location entity computer to transfer the identity-related information to the requesting entity computer; wherein the redirect instruction further enables the selected location entity computer to recognize the requesting entity computer; once recognized by the location entity computer, obtaining the identity-related information, the obtaining step comprising: receiving contact from the selected location entity computer; providing authentication to the selected location entity computer; requesting the identity-related information from the selected location entity computer; and receiving the identity-related information from the selected location entity computer, along with a part of the prescribed security policy instructing the requesting entity to act in certain ways regarding said identity-related information; 
wherein the identity-related information does not breach the user's anonymity; and receiving a connect back from the client application, thereby resuming the communication with the client application.
2. The system of claim 1 wherein one client application interacts with multiple location entity computers.
3. The system of claim 1, wherein the identity-related information is provided by a further location entity computer and is obtainable by the requesting entity computer via the selected location entity computer, the location information of the further location entity computer being stored on the selected location entity computer.
4. The system of claim 1 wherein the transport protocol used between the requesting entity computer and the client application, and between the selected location entity computer and the client application, is a secure Hyper Text Transfer Protocol.
5. The system of claim 1 wherein the received location information is relative to a location of the client application.
6. The system of claim 1 wherein requesting the identity-related information further comprises a step of accepting an authentication from the selected location entity computer under a location entity pseudonym.
7. The system of claim 1 wherein the selected location entity computer is remote from the client application.
8. A system for providing identity-related information, said system comprising: A) a requesting entity computer; B) a client application interacting with the requesting entity computer, performing browser-based application-dependent interactions; and C) at least one location entity computer possessing identity-related information of a user of the client application who is anonymous to the requesting entity computer; wherein the identity-related information comprises a pseudonym of the anonymous user, and a reference to a prescribed security policy setting requirements on said identity-related information; wherein the client application performs the following steps: receiving a location request from the requesting entity computer for requesting location information of a location entity computer selected by the client application; transmitting the location information of the selected location entity computer to the requesting entity computer; receiving a redirect command comprising a redirect instruction from the requesting entity computer, said redirect suspending the communication with the requesting entity computer; pursuant to the redirect command, establishing a connection with the selected location entity computer for instructing the selected location entity computer to transfer the identity-related information to the requesting entity computer, wherein the selected location entity computer is unable to recognize the requesting entity computer without instruction from the client application; receiving a redirect command from the selected location entity computer after the requesting entity computer has provided authentication to the selected location entity computer and received the requested identity-related information, along with a part of the prescribed security policy instructing the requesting entity to act in certain ways regarding said identity-related information, wherein said identity-related information does not breach the user's anonymity; and 
resuming the interaction with the requesting entity computer.
9. The system of claim 8 wherein a transport protocol used between the requesting entity computer and the client application, and between the selected location entity computer and the client application is a secure Hyper Text Transfer Protocol.
10. The system of claim 8 wherein the selected location entity computer is remote from the client application.
11. The system of claim 8 wherein the step of establishing the connection with the selected location entity computer comprises establishing a connection with a first of a plurality of location entities, wherein different types of identity-related information are stored in each of the plurality of the location entities.
12. The system of claim 11 wherein the first of the plurality of the location entities stores location information for a second of the plurality of location entities.
13. The system of claim 11 further comprising: preceding the transmitting step with a step of generating a value k; wherein the transmitting step further comprises transmitting the generated value k together with the requested identity information; receiving a return address from the requesting entity computer; and wherein the performing step further comprises transmitting the generated value k and the return address to the client application, such that the client application is able to connect to the return address and the requesting entity computer is able to authenticate the client application using the generated value k.
14. The system of claim 13 wherein the value k is randomly generated.
15. The system of claim 11 wherein the selected location entity computer stores location information for one of a plurality of location entity computers.
16. A computer program product for providing identity-related information, said computer program product comprising a non-transitory computer readable storage medium comprising computer program instructions causing a computer to perform: at a requesting entity computer, requesting location information from a client application, said location information corresponding to at least one location entity computer possessing the identity-related information of an anonymous user engaged in communication with said client application for performing application-dependent interactions with the requesting entity computer; wherein said identity-related information comprises at least a pseudonym of the anonymous user, and a reference to a prescribed security policy setting requirements on said identity-related information; at the requesting entity computer: receiving the location information from the client application, said location information specified a location entity computer selected by said client application; issuing a redirect command comprising a redirect instruction to the client application, said redirect command suspending the communication with the client application, pursuant to which the client application establishes a connection with the selected location entity computer for instructing the selected location entity computer to transfer the identity-related information to the requesting entity computer; wherein the redirect instruction further enables the selected location entity computer to recognize the requesting entity computer; once recognized by the location entity computer, obtaining the identity-related information, the obtaining step comprising: receiving contact from the selected location entity computer; providing authentication to the selected location entity computer; requesting the identity-related information from the selected location entity computer; and receiving the identity-related information from the selected location entity computer, along 
with a part of the prescribed security policy instructing the requesting entity to act in certain ways regarding said identity-related information; wherein said identity-related information does not breach the user's anonymity, wherein the receiving step prompts the selected location entity computer to issue a redirect command to the client application using a hypertext transfer protocol redirect and a simple object access protocol; and receiving a connect back from the client application, thereby resuming the communication with the client application.
17. The computer program product of claim 16 further comprising computer program instructions causing a computer to perform: preceding the transmitting step with a step of generating a value k; wherein the transmitting step further comprises transmitting the generated value k together with the requested identity information; receiving a return address from the requesting entity computer; and wherein the performing step further comprises transmitting the generated value k and the return address to the client application, such that the client application is able to connect to the return address and the requesting entity computer is able to authenticate the client application using the generated value k.
18. The computer program product of claim 17 wherein the value k is randomly generated.
19. The computer program product of claim 16 wherein the selected location entity computer stores location information for one of a plurality of location entity computers.
20. The computer program product of claim 16 wherein a transport protocol used between the requesting entity computer and the client application, and between the selected location entity computer and the client application is a secure Hyper Text Transfer Protocol.
November 22, 2016